CFPB Seeks Input on Federal Consumer Financial Protection Law

May 5, 2020

The Consumer Financial Protection Bureau (CFPB) issued a request for information (RFI) to assist with recommendations on harmonizing, modernizing and updating the federal consumer financial laws.

The CFPB’s Taskforce on Federal Consumer Financial Law seeks input from the public to help identify areas of consumer protection on which it should focus its research and analysis during the balance of its one-year appointment.

The RFI seeks comments and other information on the following topics:

  • expanding access to consumer financial products and services
  • protection and use of consumer data
  • regulations the CFPB writes and enforces
  • federal and state coordination
  • improving the market for consumer financial products and services

The comment period for the RFI closes 60 days after the date of its publication in the Federal Register.

ALTA's Data Privacy Executive Committee is reviewing the RFI. ALTA plans to submit comments. Earlier this year, ALTA released data privacy principles that recommend the development of a single, national standard to help protect consumer private information uniformly and consistently while maintaining an efficient homebuying and selling experience. Key aspects of the principles include exemptions for entities already subject to the Gramm-Leach-Bliley Act, personal information that is already publicly available and business-to-business relationships. In addition, the standards say data privacy laws should recognize the need for businesses to share personal information needed complete a transaction. Consideration also should be given to the impact on small business, with respect to the cost of compliance relative to the risk of consumer harm, the principles say. Other aspects of the standards discuss data breach notifications, a safe harbor and the right to cure.

Two questions in the CFPB’s RFI address key aspects of ALTA’s principles. Specifically, the bureau asks:

  • Both the Fair Credit Reporting Act (FCRA) and its implementing Regulation V and the Gramm-Leach-Bliley Act and its implementing Regulation P contain important protections of consumers’ personal information. Are these protections sufficient? Why or why not? If not sufficient, what further protections should the Bureau or Congress consider?
  • Most States have enacted laws that afford consumers certain protections in the event of a data breach. There is considerable variation among these laws, including the triggering events for coverage by the law and the requirements and remedies relating to a breach. Would Federal legislation, regulation, or guidance addressing data breaches be desirable? Why or why not? Would it be desirable to have a uniform national standard for data breach obligations? Why or why not?


Contact ALTA at 202-296-3671 or [email protected].